Microsoft and Amazon most impersonated in email attacks

Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari, the email protection specialist.

Microsoft was impersonated in 36 percent of all display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks.

The pattern differs for high-value targets, such as C-suite executives though, Microsoft was impersonated in 71 percent of these attacks. Dropbox is a distant second at seven percent, followed by United Parcel Service (UPS) at six percent.

These attacks often take the form of service updates, security alerts and password resets. The ubiquity of Microsoft Office in corporate environments and the rapid adoption of cloud-based Office 365 makes Microsoft an attractive impersonation target. File-sharing services such as Dropbox are frequently imitated to distribute malware because users are more likely to trust its installation.

"Display name deception is the top technique used to impersonate brands or individuals," says Seth Knox, VP of product marketing at Agari. "For the first time in this report we have been able to measure different categories, people who impersonate brands versus those who impersonate employees such as CEOs and CFOs in things like wire fraud schemes. Impersonating brands is by far the most common tactic and one that is almost never blocked by people's existing email security gateways because the focus there is on impersonating executives."

On a positive note the adoption of the DMARC authentication protocol is on the rise with more than 280 million registered public domains now signed up, an increase of 51 percent in the last quarter. More than half of Fortune 500 companies have now adopted DMARC, compared to just a third last year.

The US federal government now leads all industry verticals with an 84 percent DMARC adoption rate, and more than three-quarters of federal domains (76 percent) have implemented a reject policy for non-authenticated messages. Knox believes that DMARC is now reaching a tipping point where organizations will need to adopt it to maintain consumer trust.

You can find out more by downloading the full report from the Agari website.